Scalable, trustEd, and interoperAble pLatform for sEcureD smart GRID

Duration: 01/01/2018 to 01/01/2021

Project Overview: 

The rapid evolution of ICT has revealed the potential for centrally monitoring, controlling, and optimising the power grid. In this context, a more intelligent, responsive, and efficient, system has been devised, known as the Smart Grid (SG). This SG will be supported by a dynamic two-way information exchange between utility companies and their customers, contributing towards a smart and sustainable energy management in Europe and the establishment of a wiser energy consumption mentality. However, besides the benefits of such an endeavour, the power grid will be exposed to security threats inherited from the ICT sector, while privacy issues and new vulnerabilities, related to the specific characteristics of the SG infrastructure, will emerge. The problem is assessed as crucial, if we consider that a potential attack to the SG may lead to cascading failures, ranging from destruction of other interconnected critical infrastructures to loss of human lives. Thus, the development of a security platform tailored to the SG is required, that i) can efficiently manage the plethora of SG nodes, ii) deal with potential malicious hardware or software modifications due to the physical access of the customers to the SG nodes, and iii) operate over heterogeneous systems. 

Considering all the above, SealedGRID aims at bringing together experts from industry and academia from cross-sectorial research areas having complementary background with the long-term goal to design, analyse, and implement a scalable, highly trusted and interoperable SG security platform. The platform will combine, for the very first time, technologies like Blockchain, Distributed Hash Tables, Trusted Execution Environments, and OpenID Connect, while for its realization the SealedGRID consortium is committed to a fully-integrated and multi-disciplinary secondment programme combined with a set of networking, dissemination, and exploitation activities.

In the special case of NICS Lab, it will be in charge of all the interoperability processes between systems following secure procedures composed of authorization mechanisms together with context-aware mechanisms. The goal is to protect the access to restrictive areas taking into account a set of access parameters such as the type of user, type of action or the real health of the demanded area. Apart from leading these actions, NICS Lab will also participate in all the actions related to key management, authentication and privacy. So far, the SealedGRID architecture is already proposed in [1] and its main components are described in [2].


  • October 2018—Issue 1: SealedGRID Scalable, trustEd, and interoperAble pLatform for sEcureD smart GRID
  • February 2019—Issue 2: SealedGRID Scalable, trustEd, and interoperAble pLatform for sEcureD smart GRID
  • June 2019—Issue3: SealedGRID Scalable, trustEd, and interoperAble pLatform for sEcureD smart GRID






  1. C. Alcaraz, "Secure Interconnection of IT-OT Networks in Industry 4.0",
    Critical Infrastructure Security and Resilience: Theories, Methods, Tools and Technologies, no. Advanced Sciences and Technologies for Security Applications book series (ASTSA), Springer International Publishing, pp. 201-217, 01/2019. DOI More..


    Increasingly, the society is witnessing how today’s industry is adapting the new technologies and communication protocols to offer more optimal and reliable services to end-users, with support for inter-domain communication belonging to diverse critical infrastructures. As a consequence of this technological revolution, interconnection mechanisms are required to offer transparency in the connections and protection in the different application domains, without this implying a significant degradation of the control requirements. Therefore, this book chapter presents a reference architecture for the new Industry 4.0 where the interconnection core is mainly concentrated in the Policy Decision Points (PDP), which can be deployed in high volume data processing and storage technologies such as cloud and fog servers. Each PDP authorizes actions in the field/plant according to a set of factors (entities, context and risks) computed through the existing access control measures, such as RBAC+ABAC+Risk-BAC (Role/Attribute/Risk-Based Access Control, respectively), to establish coordinated and constrained accesses in extreme situations. Part of these actions also includes proactive risk assessment measures to respond to anomalies or intrusive threats in time.

  2. A. Farao, et al., "SealedGRID: A Secure Interconnection of Technologies for Smart Grid Applications",
    14th International Conference on Critical Information Infrastructures Security (CRITIS 2019), vol. 11777, Springer, Cham, pp. 169-175, 12/2019. DOI More..


    In recent years, the Smart Grid has increasingly integrated cutting-edge technologies that generate several benefits for all the stakeholders involved, such as a more accurate billing system and enhanced Demand Response procedures. However, this modernization also brings with it diverse cyber security and privacy issues, which sets the necessity for developing a security platform specifically tailored to this scenario. In this paper, we present SealedGRID, which proposes a flexible architecture that provides security services at all levels by implementing Trusted Execution Environments on their devices, together with advanced authentication and authorization mechanisms, as well as privacy preserving techniques. These technologies are presented in depth and a final security analysis is conducted, which highlights the contributions of this project.